Cisco Cisco Firepower Management Center 4000

You can specify only one of 

, 

, or 

.

To define how the 

byte_test

 keyword calculates the bytes it tests, choose from the arguments in the 

following table. If neither argument is specified, network byte order is used.

You can define how the system views string data in a packet by using one of the arguments in the 
following table.

For example, if the value for 

byte_test

 is specified as the following:

Bytes = 4

Operator and Value > 128

Offset = 8

Relative enabled

Relative

Makes the offset relative to the last successful pattern match.

Align

Rounds the number of converted bytes up to the next 32-bit boundary.

Big Endian

Processes data in big endian byte order, which is the default network byte order.

Little 
Endian

Processes data in little endian byte order.

DCE/RPC

Specifies a 

byte_test

 keyword for traffic processed by the DCE/RPC preprocessor. See 

 for more information.

The DCE/RPC preprocessor determines big endian or little endian byte order, and the 

 and 

 argument do not apply.

When you enable this argument, you can also use 

byte_test

 in conjunction with other 

specific DCE/RPC keywords. See 

 for more 

information.

The DCE/RPC preprocessor must be enabled to allow processing of rules that include 
this option. When the DCE/RPC preprocessor is disabled and you enable rules that use 
this option, you are prompted whether to enable the preprocessor when you save the 
policy. See 

.

Hexadecimal String

Represents converted string data in hexadecimal format.

Decimal String

Represents converted string data in decimal format.

Octal String

Represents converted string data in octal format.